Important: Some reports have erroneously reported the following article as saying that 1 in 5 Macs are *infected* with Windows malware. That is inaccurate. They are, according to our study, harbouring or carrying Windows malware. An important difference! As we explain below, the Mac malware discovered is a much more serious threat to Mac users than the Windows malware – but it would be good if it was all cleaned up! Thanks to @ErrataRob for suggesting I post this clarification.

One in every five Mac computers is harbouring some kind of malware, a new study from the experts at Sophos has revealed.

Sophos has revealed a disturbingly high level of malware on Mac computers – with both Windows and Mac threats being discovered.

A 100,000-strong snapshot of the millions of Mac computers which have recently downloaded Sophos’s free Mac anti-virus software revealed that 20% of Mac computers were carrying one or more instances of Windows malware.

Although Windows malware on Macs won’t cause symptoms (unless users also run Windows on their computer), it can still be spread to others.

More disturbingly, Sophos’s analysis also shows that 2.7% (one in 36) of Macs which downloaded the free anti-virus product were found to be infected by Mac OS X malware.

Malware can spread onto Macs via USB drives, email attachments, website download, or even a silent drive-by installation where the user doesn’t realise their Mac’s security has been subverted.

Sadly, cybercriminals view Macs as a soft target, because their owners are less likely to be running anti-virus software. Bad guys may also believe that Mac users are likely to have a higher level of disposable income than the typical Windows user. So, they might believe the potential for return is much higher.

Some Apple fans might feel relieved that they are seven times more likely to have Windows malware on their Macs than Mac OS X-specific threats, but they shouldn’t be.

What Mac users really need to do is protect their computers now (there really is no excuse, free anti-virus software is available for Mac home users), or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.

Parallels between rate of Macs carrying malware and level of Chlamydia infection amongst young people

Let’s look at the stats again, revealed by this study.

20% of Macs tested were found to be carrying Windows malware

One in 36 Macs tested was found to be infected by Mac OS X malware

And here’s another factoid from a field that has nothing to do with computer security:

Chlamydia is the most commonly transmitted sexually transmitted disease amongst young people, with some studies having claimed up to 20% of youngsters are infected.

Just like malware on your computer, Chlamydia commonly shows no obvious symptoms. But left undetected Chlamydia can cause serious problems, such as infertility.

Some countries are so worried about the prevalence of Chlamydia that they have created national screening initiatives and advise that people under 25 who are sexually active should be tested for the infection annually.

The good news is that Chlamydia is easy to treat.

And, if it isn’t too tacky to make a parallel, so is malware on Macs.

Windows malware found on Macs

Although most of the malware we’re currently seeing on Macs is designed to infect Windows, you should still be a responsible member of society and ensure that you’re keeping your Mac squeaky clean.

Currently, Mac users are doing a pretty poor job on that front.

Amazingly, some of the malware discovered by Sophos on the 100,000 Mac computers sampled dates back to 2007, and would have been easily detected if the users had run an anti-virus sooner.

Unlike a test for Chlamydia, you can check your Mac for something nasty from your armchair. The test is painless and free – you just download an anti-virus and allow it to check your computer and protect it against infections in future.

Advice for Mac users

Here’s some advice for Mac users:

Run an anti-virus program, and make sure it’s kept up-to-date.

Keep your security patches up-to-date – not just for your operating system, but also for programs which you run on your Mac

Exercise caution about the programs you install, the links you click on and the attachments you open

Keep your wits about you and stay informed! If you keep clued-up about security threats you are less likely to be tricked by a cybercriminal into making a poor decision.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter: @gcluley (https://twitter.com/gcluley).

That's hardly true, a useful myth however, most Mac users aren't that silly. Also 70% of Mac users also use Windows on a regular basis, not the other way around which I presume is why Mac users are easy to ridicule.

I have Sophos Free Anti-Virus for Mac Home Edition installed on my Mac. It did find a Trojan on my sister’s external drive and it cleaned the Trojan. I then did a scan and it confirmed that it was gone. I have my Mac up to date with the latest patches, along with security measures like having the automatic login disabled, Stealth mode and the firewall enabled. I also leave my wireless card off and turn it on when I need Internet access. It should be noted that Macs have gained market share and that have attracted the attention of malware writers. Please be vigilant of the websites you visit, and be careful when clicking on links in emails, and lastly, install Sophos Free Anti-Virus Home Edition for Mac.

Ha, this is funny because we talked about this in my design classes. People using Lion were infected and people using anything less than 10.6.8 were infected. Funnily enough, none of them used anti-virus software… this is a month after I told my colleagues they need to get Sophos… (why else would someone's mac freeze or shutdown 3 times a day?).

I bought a brand new one that did just that. In fact the pointer froze every time the machine was left on for a few minutes, which was maddening, for example when interrupted by the doorbell whilst half way through making a Facebook entry. Amounts of work were lost many times!

And it was not infected because I ran Sophos from the start, and did a full sweep after transferring stuff from my other machine. In fact Apple paid to have the Logic Board replaced under warranty, to no avail.

Upgrading from Snow Leopard to Lion appears to have solved the problem, though we usually shut it down when not using it, from force of habit.

You wrote "armchair," but my brain interpreted it as "arm hair," and I got confused. I'm pretty sure you can't get Chlamydia via your arm hair, but for a brief moment, in my brain, there were armpits, STDs and malware. It was a highlight of my day, so thank you.

1. Not if you're running more than one OS on your Mac (I know quite a few people who run both windows 7 and Lion)

2. Windows Malware still spreads from Macs to windows computers. Manners wise, it's the equivalent of coughing all over other people's food. Sure you might not have anything that affects you, but it's gonna affect others.

3. Having windows malware on your Mac system, however useless, still clogs up space. And it probably isn't sitting in one of your commonly browsed folders just waiting to be deleted.

Pinky – Windows malware does not “spread” from Macs to PCs. That is FUD, pure and simple. Files containing Windows malware can be manually copied or transferred from Macs to PCs by users and only if the PC does not have an effective anti-malware solution. Do you really believe that warrants Mac users running on-access scanners for Windows malware?

Re #2 You are correct, it is bad manners for a windows virus infested box to spread crud onto their Mac brethren. Somehow I find it just a tad hypocritical to blame a Mac user for passing malware onto windows users. Where did it come from in the first place? Most likely an unpatched Windows box. Personally I run both OS's and run AV on both.

What about networks where both Windows AND OS__? MACs have access to the same connected servers, like transferring files from a home laptop to a company server or email system? A bad Outlook file can hop skip and jump to another computer via the network where it can be remotely opened on a Windows machine.

By definition, a virus infects. Nothing to stop a virus or malware file from hopping from one computer to another. Unless there is GOOD protection on both ends!

I have to admit, I finally installed Sophos on my Mac last week. I did it through gritted teeth but I did it. It found no malware which I consider to be a good result seeing as how I've been running my Mac for three years without any protection. But given the changing landscape I'll keep using it now just in case, it doesn't seem to make any difference to performance.

Funny to see all the Windows users rubbing their hands with glee, it's about time they had something to smile about!

I’m one of the 1 in 5. And the malware Sophos found on my Mac was on a drive I use for backup which contained Windows files from an old computer. And it couldn’t clean up the infections so I’m not really feeling like the sky is falling. It is entertaining though when Windoze users get worked up about “big headed mac users” like your choice of computer is some kind of NFL rivalry.

It may not be benign if you are using Microsoft Office suite and also if using a windows emulator for programs like work/exam prep software/professional software that require windows emulation. So your data is still getting out there.

Let’s be honest these “viruses” do have undeniable similarities between the “STD” mentioned!!! Let’s all put any sense of humour or taste to one side!!! Well done SOPHOS another rip roaring and highly entertaining but still strangely helpful review!!!

I wonder how many are in the same boat as I. I lost my home and everything to being sick and the depression of the 21st century. I no longer can work but love my G5 Mac. No one is updating this machine, but it still runs with how many security holes? No one wants to buy me a new one and I can't, so I surf with it, maybe delivering malware to others? Sorry about that… But what's a boy to do?

There’s still plenty of updated software that runs on the old G5s — assuming you’re running OS X 10.4.11.

2 issues with that:

1. There isn’t much (if any) Mac-specific malware that can attack a G5 that isn’t dependent on gross user stupidity. Specifically, the Java-exploiting Flashback used Intel libraries that would not be loaded on a G5.

I have spyware that so far nothing will find, but I know it is there because the person sends me messages and calls and tells me what I did on my computer recently. I have downloaded my own copy of a spyware that I can legally put on my own machine, and my anti virus can’t even find that! And I use a big name anti-virus.

Please give advice on what you should do with a brand new machine fresh from the box. (mac) What spyware? What e-mail system, what browser? Apparently virus removal tools don’t remove spyware. I’m learning the very hard way.

You don't have any spyware. You have a spy. It's not the same thing. You have someone who's enabled remote access to your machine, something that can be done from the system preferences or by manually installing a standard application that wouldn't be "detected" (as there's nothing to detect).

I take great offense to SOPHOS opinion that it is the Mac community's responsibility to protect Windows/PC Users.

PC Users have allowed this to happen to themselves. They pay Microsoft for poor quality software that has so many holes in it that it cannot function. Hey Apple isn't alone, they need to fix the JVM faster, but they also take the necessary steps such as depreciating software much faster. Flash is no longer installed by default. Install at your own risk.

Microsoft and PC Industry as the vast majority of computers out there need to start acting in a responsible manner. Depreciate software faster, provide a quality products and locking out bad software vendors.

The problem with the PC industry is they won't work together — each wants a leg up so you get compatibility problems. Why does a PC's video drivers need to be updated if Microsoft and a big company like any of the ATI's cannot communicate?

The PC Industry allowed us to get to where we are, that's mostly Microsoft, Adobe (Can we say flash bugs all over the place) and several other big PC vendors.

The Mac community is LEADING the industry in secure computing starting with iOS and now it's moving to the Mac platform. It's not perfect granted but I see PC users nowhere to be found on this front and Patch Tuesday isn't the answer, that's just patching the greater problem.

Those of us who knew it was only a matter of time before the malware pushers started targeting our Macs (and knew that NO system is inherently immune to such attacks) find it difficult to believe that many Mac users STILL don't get it. But the stats don't lie. Twenty percent of Macs harboring any malware at all — regardless of whether or not it targets the Mac — is an epidemic.

The argument that Windows malware on a Mac is "benign" is unconscionable unless such users never interact with other users. You don't even have to interact with Windows users to be a part of the problem. If you pass Windows malware to other Mac users who DO interact with Windows users, you're a spreader node just as surely as if you gave it to the Windows users yourself.

The notion that "As long as I'm not affected, it's not my problem" is a maddeningly myopic mentality — a relic of the increasingly success-proof isolationist perspective that simply doesn't work in a world of increasing interconnectivity. Ironically, even a monk meditating in isolation in a cave knows that separation is an illusion. Yet, people with massive electronic connectivity still manage to believe that their actions have no consequences. It stops the mind.

Tim: I admit I'm completely at a loss to understand the first sentence in your post. It appears that you have imputed to my post a meaning that I never intended.

"No such claim is being made."

Your use of the passive voice without a semantic subject makes it impossible to understand what you're talking about. No such claim is being made BY WHOM? And what claim are you referring to?

Did you expect me to disagree with your statement that the "Advice for Mac Users" section contains sound advice for all computer users? I don't.

I would agree that the people who subscribe to this blog (and actually read it) probably are a bit like the choir, preaching-wise. But the readership is not limited to subscribers. For my part, I post links to NakedSecurity articles on several bulletin boards that are unrelated to security, and I occasionally send such links in emails. Some people appreciate it, and have learned from it, but for whatever reason they do not subscribe, and even those who do subscribe don't read it consistently.

I think you're right about user education being the key, but "education" is not a bivalent condition…as in either you're educated or you're not. Those who are genuinely educable recognize that learning never ends. That's why I keep reading.

It is irresponsible fear-mongering to claim that the widespread presence of Windows malware on Macs is in states that “can still be spread to others” without backing that claim up in detail.

The top two families you cite are carried in email, and are readily identified as “spam” by eye or by low-end spam filters like those used in Mail.app or by most consumer mail providers. It certainly is possible to forward email, but forwarding infective spam is an unusual act. Some of the others are things I would expect to find in the browser caches of reckless wanderers, but they are hardly an infective threat to anyone from that position.

The comparison to Chlamydia is worse than tacky, it is outright deception. Chlamydia is frequently asymptomatic in the short term but it is living and causes problems in the long run. Chlamydia is not less transmissible by people who have no acute symptoms. For malware that requires Windows to run and propagate, presence on a Mac is not a quiet infection, it is (at worst) non-destructive storage. In some cases storage itself renders the malware inert over time because the attack vector itself is dependent on finding control systems online that don’t live in any one place forever.

One of the reasons Mac users have been reluctant to adopt AV software is that it is perceived as bloatware that does nothing of direct value for a Mac user. Is it worth the AV overhead for the average Mac user to know when he has surfed past a page that has IE-specific evil JavaScript in it or when the latest blatant phish in his Junk folder is recognized specifically as containing a Windows attack vector? Not really. Flashback and PubSab change that analysis significantly, but not enough for a lot of Mac users. Maybe if the major AV vendors could claim to have prevented infections before Apple’s sluggish fix for the Java hole it would be more convincing.

I am not saying that all Mac users who come down on the bareback side are behaving wisely, even if they rationalize the decision. However, it would be a lot easier to persuade Mac users who rationalize their recklessness if there was a lightweight Mac AV tool that didn’t spend most of its time worrying about Windows malware.

1. I trust you're not counting the EICAR test stuff, which I have because I used to run mail servers.

2. The windows infections you are seeing (again) on my machine are in a folder named "Evidence" in which I collected…evidence while running mail servers. I no longer need that, so I've removed the folder.

But I don't think I'm quite a "standard" Mac user. (Long time, as in early 1984, yes, but not "standard".)

Isn't measuring Mac users who downloaded an AV program likely to overstate the amount of malware found on Macs in general? Until last week, Mac users were unlikely to install AV unless they thought their machine was infected (e.g., was exhibiting quirky symptoms).

Some older unpatched Windows machines might have a higher rate, but this Sophos report seems to imply that the average Mac user could be 27x more likely to be infected by malware than the typical Windows 7 user.

So if I have a copy of W32/Doom-A that has been sitting in an email attachments folder on my Mac for the past 7 years, how is that a threat to the Windows machines around me. Unless I choose to forward the email it came attached to, including attachments (not the default) how is it going to leap from my Mac to the Windows machines around me?

Unless I actively choose to try to distribute it for some inane or malicious reason, isn't it just going to sit there, inactive and useless, until this drive is reformatted or dies?

I just hate having a Mac. It is so much more fun when I have to reformat my hard drive and reload everything. A new OS comes out for my PC. Super. Now I can reformat my drive and reload everything. Other than when I bought a new Mac I only had to do that once in 30 years (hard drive crashed). It is so boring being able to run both Mac OS and Windows without a problem, on one computer. A new Mac OS comes out. What a pain deciding what to do. Just load the new one over the old and have everything still work or load the new so I can boot either one. But then, I prefer an automatic transmission in my car, also.

Out of curiosity I installed the Sophos AV software. Turns out that, like the others above, I had a number of spam-flagged emails containing Windows trojans (exe files). While it is nice that the software enabled me to easily detect and remove these, mails in a spam folder do not form a threat to anyone. Indeed, this proves that the spam detection measures are working properly.

The title "1 in 5 Macs has malware on it." is deceptive and spreads FUD. You could as well have written:

"Mails flagged as spam on Macs contain a high percentage of Windows malware attachments." Duh.

I applaud Sophos for providing free AV software for Mac users. But spreading FUD is a whole different matter. I will scan my Mac now and then. But until the threat level on my Mac changes significantly, I will not keep AV software running and eating CPU cycles continuously.

I'm sorry but this is sheer bunkum. Having Windows Malware present on a Mac does not mean that the machine is infected with that malware. Nor does it mean that the mac can spread that malware to windows machines. The malware whilst on the Mac is completely inert. It can do nothing. The only things that can happen are as follows:

1) The malware comes in as part of an email and you forward that email manually to someone else.

2) The malware gets into your web browser cache and will eventually be cleared over time. No risk of it spreading here as it's not capable of using any of the machine's facilities as it's written for windows.

3) If you take your drive out and put it in another computer and happen to have malware on the disk then perhaps the windows machine can get infected, but that would be the same as putting any disk in your windows machine and getting infected, again nothing to do with it being a Mac.

Thanks for leaving your comment. As we mention above, some reports have erroneously categorized our article as saying that Macs are *infected* with Windows malware, rather than carrying Windows malware. It's an important difference.

Windows malware won't run on a Mac (unless you're running Windows on the Mac via Bootcamp, Fusion or Parallels or the like..), so it can't spread under its own steam from a Mac to a Windows PC.

However, it's perfectly possible for Mac users to spread Windows malware to their PC-owning colleagues.

For instance off the top of my head:

1) Forwarding malware-infected emails to Windows-using friends and colleagues.
2) Sharing files with Windows colleagues and friends (perhaps using USB sticks or the likes of DropBox)
3) If web development is done on a Mac, infected files (be they executable or HTML/JS infections) can end up being transferred to a webserver and then shared with the world.

A bigger issue, to my mind, is the Mac malware we found on Macs. Although this is a much lower percentage than the prevalence of Windows malware on Macs – it poses a bigger risk to Mac users.

Clearly the Windows malware on Macs isn't as big a problem as Mac malware actually running on Macs, but the fact that some of the Windows malware we found on Macs was five years old underlines that many Mac users simply aren't taking security seriously at all.

The real problem is that MAC users aren't buying anti-virus software. How are the anti-virus companies going to stay in business as an increasing number of people switch to MAC? FUD will keep people on Windows or send them running to buy A-V software.

I use Windows and Macintosh OS (I don't mind getting chafed on the fence). It's not that some feel Macintosh users are big headed ego trippers. I mean they initially bought into something with an allure like how Windows users did. But when the vendor (Apple) tries to deflect the issue and justify their ignorance, it really mucks up things on the user side. So what if they could "claim" anti virus wasn't needed? LOL I didn't know Apple could build an OS 100% defendable against all viruses (even the ones not invented yet!).

If you want to poke fun at Mac-only users a little just say "you were more of a lapdog to be led to believe one company had some magic spell they casted on every computer they sold to make it immune to viruses."

9 in 10 ‘senior technology consultants at Sophos’ are driven by sales oriented motivation. do you wanna follow?

honestly – even though there are reasons to sensitize mac users for security issues – as an independent cross platform security consultant i have to say that this article is seriously flawed in many aspects.

I was hacked into last week from Nigerian hijackers. Five viruses. I have cleaned three but two Trojans remain and I can't get Sophos to clean them off. The windows remain grey. What can I do to make them live?

I've used Windows PC since the advent of Windows, and have only had four instances of any viruses – none of which ever did any damage. I've always used an excellent 3rd party two-way firewall and antivirus software, plus intelligent browsing habits. I've certainly "thought" about buying a Mac – specifically a Mac Mini – but, I've read posts from Mac users of their system (mother) boards failing after a couple of years. I'm basically a "hardware guy" and my home-assembled PCs simply don't fail. I've never had a motherboard failure with a PC, and since Apple makes it almost impossible for the user to maintain a Mac, I may have to rethink buying a Mac in the future. Since using WinXP, or Win 7 for that matter, I've never had a BSOD! The only memory overflow error I've had is with the Windows Safari browser, which I uninstalled after constant problems. Macs have their place, and especially are useful in the publishing world, but for a person who assembles, maintains, and upgrades his or her own computers, Windows is the only logical, and cost-effective, choice.

Here is what I want to know. Where did these "statistics" come from? With no independent verification to back it up the claims are baseless. I run an IT department for a company with over 50 Macs and 50 PC's. No malware on the Mac and I fight several a month on the PC's. The PC's have anti-virus and the Macs do not.

I have one mac with Anti-Virus and I use it to scan the other Macs to verify my claim.

So 20% of Macs carry Windows malware? This may or may not be true but hardly matters since they are not affected by it. Unfortunately 100% of anti-malware vendors use blatant scaremongering to sell more of their product and unfortunately it works.

Of course Macs get viruses. Apple has known this for years but their major selling point is the claim they are safe from viruses. There is a free anti-virus called ClamXAV from the Mac App Store. Why would they offer an anti-virus download unless they knew there are Mac viruses out there? Also some Mac users will recall the Leopard OS that backed itself up every hour then restored itself if it detected a problem. What problem was it detecting? Viruses! Apple has been lying to their customers for years and it’s time they came clean. I dumped my Mac when I realized they had been lying to me for so long. Never trust a company afraid to tell the truth about getting virused. Who knows what other dirty secrets they are hiding that could put you in danger?

1 in 5 macs? I don’t believe this. i’ve used macs 24 years. and i’ve never had malware on my mac. if your mac has this stuff, id like to know what websites you’re using and what you’re downloading. in 24 years i’ve never had a problem with mac viruses or malware.

now on my windows box, that’s another story. comparing it to Chlamydia is just weird.

Who is Sophos anyway? it’s an anti virus software to install more virus in your computer. The author must have been paid by Sophos to write the article. Can’t believe someone here actually bought and installed Sophos after reading this article. He doesn’t have a Mac or he should know every update is a new layer of anti new virus from mac and it’s free.

The author was a full-time employee of Sophos at the time he wrote the article. He has a Mac, or he did when he wrote this article. This is a Sophos website, as is pretty clear from the masthead. Our Mac product is free for home use. If you think Apple’s XProtect gives you equivalent security, then you don’t need ours. Other than that…what point are you trying to make?